fix: retry media requests once on 401 with refreshed session

There is a timing window between when the SDK refreshes its access
token (tokenRefreshFunction resolves and pushSessionToSW is called)
and when the resulting setSession postMessage is processed by the SW.
Media requests that land in this window carry the stale token and
receive 401. The browser then retries those image/video loads, hitting
the SW again with the same stale token — producing the repeated 401
bursts visible in the console.

fetchMediaWithRetry() resolves this by retrying once on 401: it
re-checks the in-memory sessions map (and preloadedSession fallback)
for a different access token. By the time the retry runs, setSession
will normally have been processed and the map will hold the new token.
Applied consistently across all four branches of the fetch handler.

Author: Just-Insane

src/sw.ts

@@ -579,6 +579,37 @@ function fetchConfig(token: string): RequestInit {
   };
 }
 
+/**
+ * Fetch a media URL, retrying once with the most-current in-memory session on 401.
+ *
+ * There is a timing window between when the SDK refreshes its access token
+ * (tokenRefreshFunction resolves) and when the resulting pushSessionToSW()
+ * postMessage is processed by the SW. Media requests that land in this window
+ * are sent with the stale token and receive 401. By the time the retry runs,
+ * the setSession message will normally have been processed and sessions will
+ * hold the new token.
+ */
+async function fetchMediaWithRetry(
+  url: string,
+  token: string,
+  redirect: RequestRedirect,
+  clientId: string
+): Promise<Response> {
+  const response = await fetch(url, { ...fetchConfig(token), redirect });
+  if (response.status !== 401) return response;
+
+  const updated =
+    (clientId ? sessions.get(clientId) : undefined) ??
+    [...sessions.values()].find((s) => validMediaRequest(url, s.baseUrl)) ??
+    preloadedSession;
+
+  if (updated && updated.accessToken !== token && validMediaRequest(url, updated.baseUrl)) {
+    return fetch(url, { ...fetchConfig(updated.accessToken), redirect });
+  }
+
+  return response;
+}
+
 self.addEventListener('message', (event: ExtendableMessageEvent) => {
   if (event.data.type === 'togglePush') {
     const token = event.data?.token;
@@ -609,7 +640,7 @@ self.addEventListener('fetch', (event: FetchEvent) => {
 
   const session = clientId ? sessions.get(clientId) : undefined;
   if (session && validMediaRequest(url, session.baseUrl)) {
-    event.respondWith(fetch(url, { ...fetchConfig(session.accessToken), redirect }));
+    event.respondWith(fetchMediaWithRetry(url, session.accessToken, redirect, clientId));
     return;
   }
 
@@ -629,7 +660,7 @@ self.addEventListener('fetch', (event: FetchEvent) => {
       ? preloadedSession
       : undefined);
   if (byBaseUrl) {
-    event.respondWith(fetch(url, { ...fetchConfig(byBaseUrl.accessToken), redirect }));
+    event.respondWith(fetchMediaWithRetry(url, byBaseUrl.accessToken, redirect, clientId));
     return;
   }
 
@@ -639,7 +670,7 @@ self.addEventListener('fetch', (event: FetchEvent) => {
     event.respondWith(
       loadPersistedSession().then((persisted) => {
         if (persisted && validMediaRequest(url, persisted.baseUrl)) {
-          return fetch(url, { ...fetchConfig(persisted.accessToken), redirect });
+          return fetchMediaWithRetry(url, persisted.accessToken, redirect, '');
         }
         return fetch(event.request);
       })
@@ -651,13 +682,13 @@ self.addEventListener('fetch', (event: FetchEvent) => {
     requestSessionWithTimeout(clientId).then(async (s) => {
       // Primary: session received from the live client window.
       if (s && validMediaRequest(url, s.baseUrl)) {
-        return fetch(url, { ...fetchConfig(s.accessToken), redirect });
+        return fetchMediaWithRetry(url, s.accessToken, redirect, clientId);
       }
       // Fallback: try the persisted session (helps when SW restarts on iOS and
       // the client window hasn't responded to requestSession yet).
       const persisted = await loadPersistedSession();
       if (persisted && validMediaRequest(url, persisted.baseUrl)) {
-        return fetch(url, { ...fetchConfig(persisted.accessToken), redirect });
+        return fetchMediaWithRetry(url, persisted.accessToken, redirect, clientId);
       }
       console.warn(
         '[SW fetch] No valid session for media request',